(57) An arrangement for selective filtering, e.g.
one-way filtering, of messages received by a 
2-port bridge from stations connected to two 
LANs of an extended LAN is provided. The 
bridge includes a message filtering database 
containing the addresses of all stations connected
to one of the LANs. The database also
contains a list of higher-level protocols em- 
ployed by the stations. Associated with each 
protocol-type is information used by the bridge 
to dispose of the message. The message filter- 
ing database comprises a single table memory 
capable of supporting both ports of the bridge. 
The selective filtering process involves a two- 
step analysis by the bridge to determine 
whether to discard the message or forward it to 
another port. The analysis is based on a desti- 
nation address and a protocol-type of the re- 
ceived message. 
FIELD OF THE INVENTION

This invention relates generally to network com- 
munications and more specifically to an apparatus 
and method that provides selective filtering of mes- 
sages transmitted over the network using a single ad- 
dress and protocol database table. 

BACKGROUND OF THE INVENTION 

A local area network (LAN) is a low-cost, high- 
performance medium capable of transmitting informa- 
tion at high transfer rates among stations located with- 
in a moderately sized geographic area. Information is 
usually transmitted in the form of messages over a 
physical medium, e.g. a cable, in a broadcast fashion. 
Stations coupled to the LAN are assigned unique ad- 
dresses. Each message contains a source address of 
a transmitter station and a destination address of a re- 
ceiver station. The message is captured by a station 
having an address that matches the destination ad- 
dress. 

In addition to source and destination addresses, 
each message also includes a multibit protocol-type 
field. The protocol-type field contains a code identify- 
ing a higher-level protocol used in the message. This 
protocol identifies the type of message, the proce- 
dures for sending and receiving the message, and/or 
the way in which the message is to be interpreted. For 
example, a message may announce services offered 
by a station connected to the network and the protocol 
field may then indicate that it is a message of that 
type. The protocol-type field permits different protocols
to coexist over a single transmission medium. A
message announcing availability of a service will or- 
dinarily be a multicast message. The multicast mes- 
sage is a message transmitted to every station 
connected to the network; each station then process- 
es the message to determine whether it must re- 
spond. 

A bridge is a device that connects two or more 
LANs so that a station on one LAN may communicate 
with a station on another. A collection of LANs inter- 
connected by a bridge is called an extended LAN. The 
bridge receives and stores each message from a par- 
ticular LAN and then determines whether the mes- 
sage is to be forwarded to another LAN. Thus, the 
bridge is a "store-and-forward" device that isolates 
traffic to those LANs to which the traffic is destined. 
This allows simultaneous traffic on the individual 
LANs and increases the utilization and throughput of 
the extended LAN. 

Operationally, the bridge typically maintains an 
address table for each interface or port to a LAN, i.e. 
a table for each LAN to which the bridge is connected. 
The address table contains the addresses of all stations
connected to the particular LAN. A message received
on one LAN by the bridge is "filtered", i.e. either
forwarded to another LAN or discarded, on the basis
of its destination address. More specifically, the address
is filtered according to whether there is a match
between the destination address of the message and
an address stored in an address table and, if so, the
table in which the match appears.

The bridge also typically maintains a separate
protocol-type table containing a list of the higher-level
protocols accommodated by the respective stations
connected to the extended LAN. As each message is
received by the bridge, an independent determination
is made whether to forward the message based on the
protocol-type. That is, the protocol-type field of the
message is compared against the protocol-type entries
in the table. If there is a match, the message is
either forwarded or discarded, depending upon the
configuration of the bridge.

The forwarding determination is typically made by 
a processor in the bridge using a hashing function.
Hashing is an efficient means of finding entries in a table,
as compared to searching each entry. Generally,
an algorithm applied to the protocol-type field produces
an index. The index identifies the location of an entry
in the table. The content of the entry is then
compared to the protocol-type of the message.

This forwarding decision, also referred to as "protocol
filtering", is multi-directional; if the protocol-type
is found in the table, the message is either forwarded
to every LAN connected to the bridge or completely
discarded. If forwarded, the message may require
some stations to perform unnecessary computations
in order to process a request to which they will not respond.
If the message is discarded, the transmitting
station might not receive the response it seeks. This
results in the inefficient use of system resources.

SUMMARY OF THE INVENTION 

Briefly, an arrangement in accordance with the invention
provides selective filtering, i.e. one-way filtering,
of messages received by a 2-port bridge from
stations connected to two LANs of an extended LAN.
The bridge includes a message-filtering database
containing the addresses of all stations connected to
one of the LANs. The database also contains a list of
higher-level protocols employed by the stations. Associated
with each protocol-type is information used
by the bridge to dispose of messages. The message-filtering
component of the database comprises a single
table memory capable of supporting both ports of
the bridge. The selective filtering process involves a
two-step analysis by the bridge to determine whether
to discard a received message or forward it to another
port. This analysis is based on the destination address
and protocol-type of the message.

More specifically, the bridge couples a work 
group (WG) LAN to a backbone (BB) LAN to create 
the extended LAN. As each message is received by 
the bridge, the bridge initially compares the destination
address of the received message against the station
addresses contained in the database. The
decision of whether to discard the message or to con- 
tinue with the next step of the analysis is dependent 
on the contents of the database and the LAN from 
which the message was received. 

For example, a message is received by the bridge 
from a station connected to the WG LAN. If the data- 
base contains the addresses of the stations connect- 
ed to the WG LAN and the destination address of the 
received message is present in the database, the 
message is discarded by the bridge. Similarly, if the 
database contains the addresses of stations connect- 
ed to the BB LAN and the destination address is not 
in the database, the message is discarded. 

On the other hand, if the database contains the 
addresses of the stations connected to the WG LAN 
and the destination address of a message received 
over the WG LAN is not present in the database, the 
next step in the analysis is performed. Similarly, the 
message undergoes further scrutiny if the database
contains the addresses of the stations connected to 
the BB LAN and the destination address of a message 
received from the WG LAN is present in the database. 

In the next step of the analysis, the content of the 
protocol-type field of the message is compared
against the protocol-type entries of the database. If 
there is no match between protocol-types, the mes- 
sage received over the WG LAN is forwarded to the 
BB LAN. If there is a match, the message is disposed 
of in accordance with associated disposition informa- 
tion stored in the bridge. 

The bridge may dispose of a message in a num- 
ber of ways depending upon the configuration and ap- 
plication of the extended LAN. Generally, the bridge 
may be instructed to discard the message if there is 
a match between the protocol types. Alternatively, the 
bridge may be directed to filter-out only multicast mes- 
sages destined for all stations connected to the LANs. 
Another option may be to filter-out only the multicast 
messages directed to the work group stations. Lastly, 
the disposition information may cause the bridge to fil- 
ter-out only the multicast messages intended for the 
backbone of the extended LAN. 

An advantage of this arrangement is that, in one 
aspect of the invention, the bridge in accordance with 
the invention functions exactly as prior bridges having 
separate address and protocol tables. Moreover, the 
2-port bridge described herein maintains only one ta- 
ble for the destination address database; prior 2-port 
bridges maintain two separate address tables, one for 
each port. This significantly reduces the cost of the 
bridge. 

Another advantage of this arrangement involves 
one-way protocol filtering of messages transmitted 
over the extended LAN. One-way filtering isolates stations
within a work group from certain transmitted
messages, such as multicast messages. For example,
a remote station seeking to bring a fresh operating
system into its memory, i.e. seeking to "boot",
transmits a multicast message requesting that a station
provide an operating system image. Processing
of this message by individual stations requires computations
that consume time on those stations. One-way
protocol filtering isolates the work group of stations
from the message and thus increases the overall
efficiency of the extended LAN by reducing unnecessary
computations by the stations. Additionally, the invention
reduces the traffic on particular LANs
generated by the routing of multicast messages,
thereby increasing the bandwidth of the network.

BRIEF DESCRIPTION OF THE DRAWINGS 

The above and further advantages of the invention
may be better understood by referring to the following
description in conjunction with the
accompanying drawings, in which:

Fig. 1 is a diagram of an extended LAN configuration
in which the bridging apparatus of the present
invention may be advantageously used;

Fig. 2 is a diagram of a message used for communication
in the extended LAN of Fig. 1;

Fig. 3 is a diagram of the bridging apparatus of
Fig. 1;

Fig. 4 is a diagram of a message filtering database
contained in a single table in accordance
with the invention;

Fig. 5 is a diagram of an extended LAN using a
prior art bridge;

Fig. 6 is a diagram of an alternate embodiment of
an extended LAN configuration using multiple
bridges in accordance with the invention;

Fig. 7 is a diagram of a symmetrical extended
LAN configuration using the bridging apparatus of
Fig. 3; and

Fig. 8 is a diagram of a non-symmetrical extended
LAN configuration using the bridging apparatus of
Fig. 3.

DETAILED DESCRIPTION OF ILLUSTRATIVE
EMBODIMENTS

Referring to Fig. 1, an extended local area network
(LAN) 10 includes two LANs, a backbone (BB)
LAN 16 and a work group (WG) LAN 22, coupled by
a 2-port bridge 30. The WG LAN 22 interconnects a
relatively small group of stations, e.g. 24 and 26, while
the BB LAN 16 generally interconnects a greater number
of stations, some of which are represented at 12
and 14. A station may be any device ranging from a
general-purpose, mainframe computer system to a
simple data acquisition unit. However, the stations set
forth herein are typically workstations or servers, each
of which is configured to perform a specific function;
they communicate among themselves by transmitting
and receiving messages over the LANs.

The bridge 30 receives and stores all messages 
originating from stations 24 and 26 connected to the 
WG LAN 22 and then either discards them or forwards 
them to the BB LAN 16. The bridge 30 also receives 
messages from stations 12 and 14, and attends to 
these messages in a similar manner, i.e. either dis- 
cards them or forwards them to the WG LAN 22. Spe- 
cifically, the bridge 30 is a store-and-forward device 
that forwards only those messages destined for a LAN 
other than the one on which the messages originated. 
That is, the bridging arrangement in accordance with 
the invention provides selective filtering, i.e. one-way 
filtering, of messages received from the stations con- 
nected to the LANs. 

In accordance with the invention, the bridge 30 in- 
cludes a message filtering database containing the 
addresses of all stations connected to one of the 
LANs. The message filtering database comprises a 
single table memory 40 capable of supporting both 
ports of the 2-port bridge 30. The use of a single table 
memory bridge is based on the premise that the ad- 
dress of every station connected to the individual 
LANs of an extended LAN ultimately appears in one of
two address tables of a prior art two-port bridge. Thus, 
if a particular address is not present in the single table 
memory of the invention, it would have been present 
in the other address table if the other address table ex- 
isted. It follows that the presence or absence of an ad- 
dress in the single table indicates which LAN contains 
that address. Accordingly, the single table memory 40 
stores and maintains addresses associated with one 
of the two ports connecting the bridge 30 to the LANs. 
In a preferred embodiment of the invention, the table 
40 contains the addresses associated with the port 
connecting to the WG LAN 22. 

The bridge 30 maintains the addresses in table 40 
by monitoring the traffic of messages on the LANs. 
Fig. 2 illustrates portions of a message 100. The con- 
tents of field 106 comprise the destination address of 
the message 100. The field 108 contains the source 
address of the message 100. Included in fields 106 
and 108 are two 1-bit fields: fields 102 and 102a, respectively,
which contain a multicast message bit or
flag, and fields 104 and 104a, which contain a locally
administered message flag. The functions and purposes
of these flags are described below. Field 110
identifies the higher-level protocol associated with the
message 100 and the field 112 contains the data portion
of the message. The remaining message check
sequence field 114 contains a cyclic redundancy 
check (CRC) value that is used for detecting errors in 
the message 100. 

Referring again to Fig. 1, the bridge 30 operates
in part by obtaining the source address of each message
100 from the field 108. It also detects the port on
which the message appeared. If a message 100 arrives
at the port connecting WG LAN 22 and the
source address 108 is not present in the table 40, the
bridge 30 adds the address to the table 40. Thus, the
bridge 30 is a "self-learning" bridge and ultimately, table
40 contains the addresses of stations 24 and 26.

The selective filtering of messages 100 performed
by the bridge 30 involves a two-step analysis
to determine whether to discard the message or forward
it to another port. In general, the analysis involves
both address filtering and protocol filtering;
that is, the bridge 30 searches the table 40 for the destination
address and protocol-type of the received
message 100.

More specifically, the bridge 30 initially compares
the destination address 106 of the message 100 with
the entries of the table 40 to determine whether to discard
the message or proceed with the next step of the
analysis. The resulting decision is dependent on the
direction of the received message 100. For example,
the destination address 106 of a message 100 received
from the WG LAN 22 is compared against the
addresses stored in the table 40. If the destination address
appears in the table 40, the message is discarded
because the destination of the message is local to
WG LAN 22. If the address is not found in the table 40,
the bridge 30 proceeds with the next step of the analysis.
This decision is premised on the assumption
that the destination station is resident on BB LAN 16.

In contrast, a message 100 received by the bridge
30 on BB LAN 16 and having a destination address
106 that is present in the table 40 undergoes a subsequent
analysis to determine whether it will be forwarded
to WG LAN 22. If the destination address 106
is not present in the table 40, the bridge 30 operates
under the assumption that the destination station is
connected to BB LAN 16 and it therefore discards the
message 100.

In accordance with the invention, the message filtering
database of table 40 also contains a list of higher-level
protocols accommodated by the stations.
Associated with each protocol-type is information
used by the bridge 30 to dispose of the message 100.
A message that passes the address filtering stage
thereafter has its protocol-type examined by the
bridge 30. More specifically, the content of the protocol-type
field 110 of the message 100 is compared
against the protocol-type entries of the table 40. If
there is no match with one of the protocol-types, the
message 100 is forwarded to the other LAN. If there
is a match, the message 100 is disposed of by the
bridge 30 in accordance with the associated disposition
information. An example of protocol-filtering is
provided in connection with Fig. 6.

Fig. 3 is a diagram of the bridge 30. A processor
(CPU) 34 is primarily responsible for initializing the various
components of the bridge 30 and executing error
routines in response to the components' service requests.
Two port controllers, i.e. a BB port controller
18 and a WG port controller 28, receive and transmit
messages 100 on the respective LANs 16 and 22. To
that end, the port controllers 18 and 20 include transceiver
and decoding circuits, in addition to the logic required
to perform direct memory access (DMA)
operations in a memory unit 36 via a bus 38. The
memory unit 36 is preferably a random access memory
(RAM) array capable of temporarily storing incoming
messages 100 from the LANs 16 and 22.

A control unit 50, including logic circuits functioning
as independent state machines, performs the operations
associated with the message filtering
function of the bridge 30. More specifically, the control
unit 50 responds to DMA requests from the port controllers
18 and 28 by allocating a portion of the memory
36, called a "page", for the storage of a received
message 100. It performs the address comparison
between the destination address 106 of the received
message 100 and the address contents of the table
40. Additionally, it executes the comparison operation
between the protocol-type 110 of the received message
100 and the protocol-type contents of the table
40, if needed. The control unit 50 also disposes of the
message 100 in accordance with results of the comparisons.

Fig. 4 depicts the single address and protocol table
40 of bridge 30. The bridge 30 maintains only one
table 40 for the source address database. Moreover,
a single table 40 is utilized for both the address and
protocol-type databases of bridge 30. This is because
the entries of the protocol database include flags that
distinguish protocols from addresses; accordingly,
these entries will not appear as addresses when the
table 40 is searched for destination addresses. The
single address/protocol table significantly reduces the
cost of the bridge.

More specifically, the message filtering database
in table 40 includes address entries 42 and protocol-type
entries 48. Associated with each protocol-type
entry 48 is disposition information located elsewhere
in the memory unit 36. Each entry of the table 40 includes
a multicast message flag 44 and a locally administered
address flag 46. The multicast message
flag 44 identifies a message having a group address
for transmission to every station connected to the network.
The locally administered flag 46 identifies an
address as one assigned to a station within a particular
(isolated) LAN, i.e. "locally administered". The
address entries 42 of table 40 are the source addresses
of individual stations connected to one of the LANs,
e.g. the WG LAN 22. If a message 100 is received with
the multicast message flag 104a set in the source address
108, that source address is not stored in the table
40. If a message 100 is received with the multicast
message flag 104 set in the destination address 106,
the destination address is not compared against the
address entries 42 of the table 40 because the message
is intended for all stations. Therefore, an entry
with the flags 44 and 46 set cannot be a source address
(or address directed to the bridge 30); in accordance
with the invention, it is designated a protocol-type
entry 48.

The table 40 is preferably implemented as a con- 
tent addressable memory (CAM). A CAM reduces the 
time required to find an entry stored in a table by ac- 
cessing all entries simultaneously and in parallel on 
the basis of data content rather than by specific loca- 
tion in the memory. Thus, the destination address 106 
of each message 100 is quickly compared against 
each of the address entries 42 stored in table 40. Similarly,
the content of the protocol-type field 110 of each
message 100 is compared against the contents of the
protocol-type entries 48, thereby eliminating the need 
for a hashing function to search the table 40. If there 
is a protocol-type match, the address of the matched 
entry, i.e. an index, is used by the control unit 50 to 
locate the associated disposition information in
memory 36. The message 100 is then disposed of ac- 
cording to the disposition information. 

Specifically, the bridge 30 may dispose of a mes- 
sage 100 in a number of ways depending upon the 
configuration and application of the extended LAN 10.
Generally, the bridge 30 may be instructed to discard 
or completely filter-out the message 100 if there is a 
protocol-type match. Alternatively, the bridge 30 may 
be directed to filter-out only multicast messages des- 
tined for all of the stations connected to the extended 
LAN 10. Another option may be to filter-out only the
multicast messages directed to the WG LAN 22. Last- 
ly, the disposition information 44 may configure the 
bridge 30 to filter-out only the multicast messages in- 
tended for the BB LAN 16 of the extended LAN 10. 

The operation of the bridge 30 in Fig. 3 will now 
be described with respect to the following example. A 
message 100 is received by the BB port controller 18,
which then asserts a DMA REQ BB signal to a receive 
state machine (RSM) 52 in the control unit 50. The as- 
sertion of DMA REQ BB informs the control unit 50 
that the message is received from the BB LAN 16; this 
information is important to the message filtering deter- 
mination. The RSM 52 then responds with a DMA ac- 
knowledgement that includes the address of a page 
in the memory 36. The control unit 50 maintains an ex- 
ternal data structure, i.e. a stack 54, of page address- 
es in memory 36 available for allocation to the port 
controllers 18 and 28. The stack 54 is located in the 
memory 36. A pointer register 56 "points" to the ad- 
dress of the currently allocated page of memory 36. 
The RSM 52 then enables the appropriate RAM de- 
vices in the memory 36 to receive the message 100. 

Upon receiving the DMA acknowledgement, the 
BB port controller 18 commences transfer of the re- 
ceived message 100 to the memory unit 36. The des- 
tination address field 106 of the message 100 is 
initially transferred over the bus 38, followed by the 
source address field 108, the protocol-type field 110 
and the message check sequence field 114. As the
destination address is received by the memory 36, it 
is simultaneously captured by the control unit 50 and 
temporarily stored in an internal register 60. An ad- 
dress state machine (ASM) 62 then compares the 
destination address 106 against the address entries 
of the table 40. More specifically, the address compar- 
ison operation (and, later, the protocol comparison 
operation) is time-multiplexed over bus 38 with the on- 
going DMA operation so that the two operations effec- 
tively occur concurrently. 

The source address is then transferred to the 
memory unit 36 and simultaneously received by the 
control unit 50. The source address is stored in the internal
register 60 until the contents of the field 114 of
the message 100 are received by control unit 50, at
which time the message is checked for errors. The
protocol-type field 110 is also captured by the control
unit 50 while being transferred to the memory unit 36. 
A protocol state machine (PSM) 64 compares the pro- 
tocol-type field 110 against the protocol-type entries 
in the table 40. Thereafter, the data field 112 of the 
message 100 is transferred only to the memory 36. 

If the message 100 is free of errors, the control 
unit 50 then examines the source address. Since this 
particular message 100 originated in the BB LAN 16, 
the source address 108 is not stored, i.e. "learned", in 
the table 40. However, if the source address is pres- 
ent in the table 40, it must be removed by the control 
unit. This process, also known as migration monitor- 
ing, ensures the accuracy of the database in the event 
a station is moved from one LAN to the other. 

If the results of the address and protocol compar- 
ison indicate that the message is to be forwarded to 
the WG LAN 22, a transmit state machine (TSM) 66 
in the control unit 50 transfers the page address stor- 
ed in the pointer register 56 to the WG port controller 
28. The controller 28 then retrieves the contents of the 
location in the memory 36 and transfers the message 
100 over the WG LAN 22 to the destination station. 
The TSM 66 thereafter deallocates the memory page 
by placing its address onto the stack 54. If the results 
of the comparison indicate that the message is to be 
discarded, the page of memory 36 is likewise deallo- 
cated by the TSM 66 without transferring its contents 
to the WG port controller 28. 
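
The two-step decision, the self-learning of WG addresses and the migration monitoring described above can be modelled as follows. This is an added illustration, not code from the patent: the 6-byte addresses with IEEE 802-style flag bits, the `proto_key` entry layout, the class and function names, and every sample address and protocol-type value are assumptions.

```python
from enum import Enum

WG, BB = "WG", "BB"                      # the two ports of the 2-port bridge
MULTICAST_BIT, LOCAL_BIT = 0x01, 0x02    # assumed flag bits in the first octet


class Disposition(Enum):                 # the four options the description lists
    DISCARD = 1                          # discard every message of this protocol
    NO_MULTICAST = 2                     # filter multicast in both directions
    NO_MULTICAST_TO_WG = 3               # filter multicast headed for the WG LAN
    NO_MULTICAST_TO_BB = 4               # filter multicast headed for the BB LAN


def is_multicast(addr: bytes) -> bool:
    return bool(addr[0] & MULTICAST_BIT)


def proto_key(ptype: int) -> bytes:
    """Encode a protocol-type as a table entry with both flags set, so it can
    never be mistaken for a learned station address (hypothetical layout)."""
    return bytes([MULTICAST_BIT | LOCAL_BIT, 0, 0, 0]) + ptype.to_bytes(2, "big")


class SingleTableBridge:
    def __init__(self):
        # One table for both ports: WG station addresses map to None,
        # protocol entries map to their disposition information.
        self.table = {}

    def add_protocol(self, ptype: int, disposition: Disposition) -> None:
        self.table[proto_key(ptype)] = disposition

    def _learn(self, port: str, src: bytes) -> None:
        if is_multicast(src):
            return                            # never stored as a station address
        if port == WG:
            self.table.setdefault(src, None)  # self-learning on the WG port
        else:
            self.table.pop(src, None)         # migration monitoring: seen on BB

    def receive(self, port: str, dst: bytes, src: bytes, ptype: int) -> str:
        self._learn(port, src)
        multicast = is_multicast(dst)
        # Step 1: address filtering, skipped for multicast destinations.
        if not multicast:
            dst_on_wg = dst in self.table
            if dst_on_wg == (port == WG):
                return "discard"              # destination is on the receiving LAN
        # Step 2: protocol filtering; no matching entry means forward.
        disposition = self.table.get(proto_key(ptype))
        out_port = BB if port == WG else WG
        if disposition is Disposition.DISCARD:
            return "discard"
        if multicast and (
            disposition is Disposition.NO_MULTICAST
            or (disposition is Disposition.NO_MULTICAST_TO_WG and out_port == WG)
            or (disposition is Disposition.NO_MULTICAST_TO_BB and out_port == BB)
        ):
            return "discard"
        return "forward to " + out_port


def demo():
    ptype = 0x6004                            # sample protocol-type value (assumed)
    ws_a = bytes.fromhex("080000000184")      # constructed station addresses
    ts_b = bytes.fromhex("080000000186")
    ws_c = bytes.fromhex("080000000194")
    group = bytes.fromhex("010000000001")     # constructed multicast address
    bridge = SingleTableBridge()
    bridge.add_protocol(ptype, Disposition.NO_MULTICAST_TO_WG)
    return [
        bridge.receive(WG, group, ws_a, ptype),  # multicast leaving the work group
        bridge.receive(BB, group, ws_c, ptype),  # same protocol arriving from BB
        bridge.receive(WG, ws_a, ts_b, ptype),   # traffic local to the WG LAN
        bridge.receive(BB, ws_a, ws_c, ptype),   # unicast to a learned WG station
        bridge.receive(BB, ws_c, ws_a, ptype),   # ws_a now seen on BB: unlearned
        bridge.receive(WG, ws_a, ts_b, ptype),   # so this is no longer local
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The second and fourth results show the one-way property: the same protocol is blocked toward the WG LAN only when multicast, while unicast traffic to a learned station still passes.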

In accordance with one aspect of the invention, 
the bridge 30, having a single address/protocol table 
40, functions exactly as prior 2-port bridges having 
two separate address tables. Fig. 5 depicts an extend- 
ed LAN 120 including a prior art, 2-port bridge 130. 
The bridge 130 includes an address table for each of 
its ports, e.g. address table 132 for the port coupling 
LAN 134 and address table 142 for the port coupling 
LAN 144. Address table 132 contains the addresses 
of stations 136 and 138 connected to the LAN 134, 
while the address table 142 contains the addresses of 
stations 146 and 148. The bridge 130 either forwards
or discards a received message after searching both
tables for the message's destination address. When
forwarded, the message is transferred to the port associated
with the address table having a matched address.

For example, station 148 transmits a message to
station 146. The bridge 130 stores the message and
compares its destination address to the addresses in
the tables 132 and 142. A match occurs in the address
table 142; thus, the bridge 130 does not forward the
message because the message is local to LAN 144.
If, however, the destination address is station 136, a
match ensues in the address table 132 and the bridge
130 forwards the message to the LAN 134. Thus, the
bridge 130 functions in a manner similar to the bridge
30 in accordance with the invention. However, the prior
art bridge 130 requires additional memory capacity
to store the addresses of every station in the extended
LAN 120. Such a requirement may be a cost-limiting
factor, since a typical extended LAN may contain
4000 to 10,000 stations.

In contrast, there is no limit on the total number
of stations connected to the BB LAN 16 of Fig. 1.
Since the invention set forth herein does not store and
maintain station addresses connected to BB LAN 16,
there can be an unlimited number of stations connected
to it. Only the WG LAN 22 is bounded by the available
storage capacity of table 40.

In another aspect of the invention, the single address/protocol
table arrangement may be extended to
a multiple "bridging" topology. This arrangement exploits
the protocol filtering technique described herein
to allow one-way connectivity based on multicast
messages. The stations connected to an extended
LAN use multicast messages to initiate connections to
other stations on the network. In general, if the protocol-type
of a multicast message is found in the single
address/protocol table, a bridge in accordance with
the invention may allow initiation of a connection from
one port to the other, but may prevent initiation of a
connection in the other direction.

As an example, refer to the diagram of Fig. 6. An
extended LAN 170 includes two LANs, a BB LAN 176
and a WG LAN 182, coupled to a 2-port bridge 172.
The WG LAN 182 interconnects stations 184 and 186
to provide a first level of communication among the
stations. A second level of communication is provided
when WG LANs 182 and 198 are interconnected to
the BB LAN 176 via bridges 172 and 192, respectively.
Stations 194 and 196 are connected to WG LAN
198.

The configuration of the extended LAN 170 distributes
the message filtering function among a series
of bridges to isolate traffic at the WG LAN level; in
other words, messages originating in stations connected
to one WG LAN may be forwarded to stations
connected to another WG LAN based on the destination
addresses and protocol-types of the messages.
Accordingly, a very large network with many stations
can be constructed using bridges, each of which has
a single address/protocol table with relatively few entries.

The address/protocol table 174 of bridge 172,
which is similar to the table 40 depicted in Fig. 4,
stores addresses of the stations 184 and 186 connected
to the WG LAN 182. The table 174 also contains
identification of the protocol-types existing within the
stations 184 and 186. A message 100, having the flag
in its multicast message field 102 set, is received from
the BB LAN 176. The content of the destination address
field 106 is not compared against the addresses
stored in the table 174 because the message specifies
a multicast mode; therefore, the protocol-type
field 110 of the message 100 is examined by the
bridge 172.

The content of the field 110 identifies a particular 
protocol used by the transmitting station, e.g. a local 
area transport (LAT) protocol. That content is com- 
pared against the protocol-type entries of the ad- 
dress/protocol table 174. A resulting match leads the 
bridge 172 to the memory 36 to examine the disposi- 
tion information associated with the protocol-type en- 
try. For this example, the disposition information 
directs the bridge 172 to dispose of the message as 
"multicast messages in that protocol to the work group 
not allowed". 

The bridge 172 is thus configured to completely
filter-out LAT protocol multicast messages headed for
the WG LAN 182; yet the bridge 192 need not be so
configured. In this example, stations 184 and 194 connected
to WG LANs 182 and 198, respectively, are
workstations, while the stations 186 and 196 are terminal
servers. Each workstation from time to time
transmits a multicast message intended for the servers.
The multicast message transmitted by workstation
184 is received by terminal server 186 and bridge
172. Bridge 172 thereafter forwards the message to
the terminal server 196 over the BB LAN 176 and by
way of bridge 192. However, the message transmitted
by workstation 194 is completely filtered-out by bridge
182 and does not reach terminal server 186.

Accordingly, the terminal server 186 can communicate
with the workstation 184 because they are connected
to the same LAN 182; but terminal server 186
cannot communicate with the workstation 194 in a
multicast mode because the multicast message is
blocked by the bridge 172. The workstation 194 is
thus prevented from announcing its presence to and
receiving service from the server 186.

The one-way protocol filtering technique increases
the efficiency of the system by reducing traffic on
the individual LANs and by reducing the number of
messages processed by individual stations connected
to them. One-way filtering also provides an increased
level of security to the extended LAN by
limiting access to certain resources from one direction,
while permitting access in the other.
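The two-step analysis and the one-way LAT multicast filter of bridge 172 can be modelled as follows. This is an added Python sketch, not code from the patent. The station labels used as addresses, the encoding of disposition information as blocked (destination port, multicast) pairs, and the discard default for unlisted protocol-types are assumptions of the example.

```python
from dataclasses import dataclass

WG, BB = "WG", "BB"  # the two ports of the bridge: work-group LAN and backbone LAN

@dataclass(frozen=True)
class Message:
    dst: str                 # destination address (not compared when multicast)
    protocol: str            # protocol-type code
    multicast: bool = False  # multicast message flag

class Bridge:
    """Two-port bridge with one address/protocol table serving both ports."""

    def __init__(self, table_port, addresses, dispositions):
        self.table_port = table_port      # LAN whose station addresses are stored
        self.addresses = set(addresses)
        # Assumed encoding: protocol -> set of (destination port, multicast) pairs
        # that the disposition information marks as "not allowed".
        self.dispositions = dispositions

    def dispose(self, msg, rx_port):
        tx_port = BB if rx_port == WG else WG
        # Step 1: address check, skipped for multicast messages.
        if not msg.multicast:
            in_table = msg.dst in self.addresses
            # A hit means "local" only if the table describes the receiving LAN;
            # a miss means "local" only if it describes the other LAN.
            if in_table == (self.table_port == rx_port):
                return "discard"
        # Step 2: protocol-type check and its disposition information.
        blocked = self.dispositions.get(msg.protocol)
        if blocked is None:
            return "discard"  # assumption: unlisted protocol-types are not forwarded
        return "discard" if (tx_port, msg.multicast) in blocked else "forward"

# Constructed model of bridge 172: table holds WG LAN 182 stations 184 and 186,
# and LAT multicasts toward the work group are not allowed.
bridge172 = Bridge(WG, {"184", "186"}, {"LAT": {(WG, True)}})

def one_way_demo():
    lat_mc = Message(dst="", protocol="LAT", multicast=True)
    return {
        "184 multicast, received from WG LAN": bridge172.dispose(lat_mc, WG),
        "194 multicast, received from BB LAN": bridge172.dispose(lat_mc, BB),
        "unicast 184 -> 186 (same LAN)": bridge172.dispose(Message("186", "LAT"), WG),
        "unicast from BB LAN -> 186": bridge172.dispose(Message("186", "LAT"), BB),
    }

if __name__ == "__main__":
    for case, result in one_way_demo().items():
        print(f"{case}: {result}")
```

The same multicast message gets a different disposition depending on the port it arrives on, which is the asymmetry the one-way filter relies on; unicast traffic toward station 186 is still forwarded because only the multicast disposition is blocked.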

Refer now to Fig. 7. In an alternate embodiment
of the invention, a bridge 152 forms the nucleus of an
extended LAN 150. The network is configured symmetrically,
i.e. approximately half of the stations in the
extended LAN 150 are connected to a LAN 156 and
the other half are connected to a LAN 158. Here, the
address/protocol table 154 of bridge 152 requires sufficient
storage capacity for the addresses and protocol-types
of the stations connected to LAN 156, for
example.

The extended LAN 160 configuration depicted in
Fig. 8 is typical of large networks, i.e. the majority of
stations are connected to one LAN, e.g. BB LAN 168,
while the remainder are connected to the WG LAN
166. In this embodiment of the invention, the single
address/protocol table 164 of bridge 162 need maintain
only a relatively small number of address and protocol
entries, i.e. those of the LAN 166 stations,
resulting in a very substantial cost saving.

The foregoing description has been limited to a
specific embodiment of this invention. It will be apparent,
however, that variations and modifications may
be made to the invention, with the attainment of some
or all of its advantages. Therefore, it is the object of
the appended claims to cover all such variations and
modifications as come within the true spirit and scope
of the invention.

Claims 

1. Bridging apparatus having two ports for coupling
to a first medium and a second medium, said apparatus
providing selective filtering of messages
transmitted between stations on said media, each
of said messages including a destination address
and a protocol-type code, said apparatus comprising:

means for receiving a message from said
first medium;

first storage means for storing a message
filtering database, said database including:

addresses of the stations connected
to only one of said first and second media; and
protocol-types within the stations
connected to said first and second media;

second storage means for storing disposition
information associated with each of said
protocol-types of said database;

means for comparing said received message
against said addresses and protocol-types
of said database; and

means responsive to said comparison
means for selectively disposing of each received
message in accordance with said disposition
information when said comparison means specifies
forwarding said message to said second medium.

2. The bridging apparatus of claim 1 wherein said
first storage means comprises a table for said
ports.

3. The bridging apparatus of claim 2 wherein said 
comparing means comprises means for compar- 
ing said destination address of said received 
message against said addresses of said data- 
base. 

4. The bridging apparatus of claim 3 wherein said 
addresses are addresses of stations connected 
to said first medium. 

5. The bridging apparatus of claim 4 wherein said 
selectively disposing means comprises means 
for discarding said received message when said 
destination address of said received message 
matches one of said addresses of said database. 

6. The bridging apparatus of claim 5 wherein said 
comparing means further comprises means for 
comparing said protocol-type code of said re- 
ceived message against said protocol-types of 
said database when said destination address of 
said received message does not match said ad- 
dresses of said database. 

7. The bridging apparatus of claim 6 wherein said 
selectively disposing means further comprises 
means for forwarding said received message to 
said second medium when: 

(i) said protocol-type of said received mes- 
sage matches one of said protocol-types of 
said database; and 

(ii) said disposition information associated 
with said matched protocol-type specifies for- 
warding said message to said second me- 
dium. 

8. The bridging apparatus of claim 7 wherein said ta- 
ble is a content addressable memory (CAM) hav- 
ing a plurality of entries. 

9. The bridging apparatus of claim 8 wherein a first 
portion of said plurality of entries of said CAM 
contain said addresses of said database. 

10. The bridging apparatus of claim 9 wherein a sec- 
ond portion of said plurality of entries of said CAM 
contain said protocol-types. 

11. The bridging apparatus of claim 10 wherein a first
flag and a second flag of said second portion of
entries of said CAM are set to distinguish said second
portion from said first portion of said entries.

12. The bridging apparatus of claim 11 wherein said
first flag is a multicast message bit and said second
flag is a locally administered message bit.

13. The bridging apparatus of claim 3 wherein said
address entries include the addresses of stations
connected to said second medium.

14. The bridging apparatus of claim 13 wherein said
selectively disposing means comprises means
for discarding said received message when said
destination address of said received message
does not match said addresses of said database.

15. The bridging apparatus of claim 14 wherein said
comparing means further comprises means for
comparing said protocol-type code of said received
message against said protocol-types of
said database when said destination address of
said received message matches one of said addresses
of said database.

16. The bridging apparatus of claim 15 wherein said
selectively disposing means further comprises
means for forwarding said received message to
said second medium when:

(i) said protocol-type of said received message
matches one of said protocol-types of
said database; and

(ii) said disposition information associated
with said protocol-type specifies forwarding
said message to said second medium.

17. The bridging apparatus of claim 16 wherein said
table is a content addressable memory (CAM)
having a plurality of entries.

18. The bridging apparatus of claim 17 wherein a first 
portion of said plurality of entries of said CAM 
contain said addresses of said database. 

19. The bridging apparatus of claim 18 wherein a sec- 
ond portion of said plurality of entries of said CAM 
contain said protocol-types. 

20. The bridging apparatus of claim 19 wherein a first
flag and a second flag of said second portion of
entries of said CAM are set to distinguish said second
portion from said first portion of said entries.

21. The bridging apparatus of claim 20 wherein said
first flag is a multicast message bit and said second
flag is a locally administered message bit.

22. Bridging apparatus for coupling a first network to
a second network and for providing filtering of
messages transmitted between stations connected
to said networks, each of said messages including
a destination address, said apparatus
comprising:

means for receiving a message from said 
first network; 

means for comparing said destination ad- 
dress of said received message against address- 
es contained in an address table of said 
apparatus, said address table containing ad- 
dresses of said stations connected to one of said 
first and second networks; 

means for forwarding said received mes- 
sage to said second network when said address 
table contains the addresses of said stations con- 
nected to said first network and said destination 
address of said received message is not stored in 
said table, and when said table contains the ad- 
dresses of said stations connected to said second 
network and said destination address is stored in 
said table; and 

means for discarding said received mes- 
sage when said address table contains the ad- 
dresses of said stations connected to said first 
network and said destination address of said re- 
ceived message is stored in said table, and when 
said table contains the addresses of said stations 
connected to said second network and said des- 
tination address is not stored in said table. 

23. For a bridging apparatus coupling a first network 
to a second network, a method for filtering mes- 
sages transmitted between stations connected to 
said networks, each of said messages including 
a destination address, said method comprising 
the step of: 

receiving a message from said first net- 
work; 

comparing said destination address of 
said received message against addresses con- 
tained in an address table of said apparatus, said 
address table containing addresses of said sta- 
tions connected to one of said first and second 
networks; 

forwarding said received message to said 
second network when said address table con- 
tains the addresses of said stations connected to 
said first network and said destination address of 
said received message is not stored in said table, 
and when said table contains the addresses of 
said stations connected to said second network 
and said destination address is stored in said ta- 
ble; and 

discarding said received message when 
said address table contains the addresses of said 
stations connected to said first network and said 
destination address of said received message is 
stored in said table, and when said table contains 
the addresses of said stations connected to said 
second network and said destination address is 
not stored in said table. 



24. Bridging apparatus for coupling a first medium to
a second medium and for providing filtering of
messages transmitted between stations connected
to said first and second media, each of said
messages including a field identifying a protocol
carried therein, said apparatus comprising:

means for receiving a message from said
first medium;

first means for storing a list of protocol-types
existing within the stations connected to said
first and second media;

second means for storing disposition information
associated with each of said protocol-types;

means for comparing said protocol field of
said received message against said protocol-types;
and

means responsive to said comparison
means for selectively disposing of said received
message in accordance with said disposition
information.

25. For a bridging apparatus coupling a first medium
to a second medium, a method for filtering messages
transmitted between stations connected to
said first and second media, each of said messages
including a field identifying a protocol carried
therein, said method comprising the step of:

receiving a message from said first medium;

storing a list of protocol-types existing
within the stations connected to said first and second
media;

storing disposition information associated
with each of said protocol-types;

comparing said protocol field of said received
message against said protocol-types; and

selectively disposing of said received message
in accordance with said disposition information.